Like we really needed this.

Hacker’s Blog

February 28, 2006

They just don’t get it: N.H. Breach May Have Exposed Credit Card Data – Computerworld

Filed under: Security — Hacker @ 8:49 am

I suppose it’s too much to ask for organizations that have weak security programs to understand real risk. Here is a fine example: a security tool, something like a Swiss army knife, was found on a server that processed credit card transactions. So what do we do? Panic!

N.H. Breach May Have Exposed Credit Card Data – Computerworld

Admittedly, the article says that a person is being investigated, but that’s not the focus. The tool is being blamed and not the person.

Cain & Abel has several capabilities. Amongst them are password/hash cracking and sniffing. Now if sniffing is considered the threat here, then I’d expect that the server and LAN have no other sniffing tools installed. Otherwise the smart attacker would just grab packets and crack offline. Cain & Abel also has the ability to turn poorly configured switches into hubs. If this is the threat, then the target was not the system Cain & Abel was running on.

If the cracking is considered the threat, then all the evidence is right there on the system. It should be easy to determine what was going on.

Cain & Abel also has some useful tools for troubleshooting, such as a TCP Traceroute capability. Those trying to troubleshoot connectivity across several firewalls need tools like this to do so. It is very likely that this server was involved in such communications and needed that troubleshooting capability. Of course, if all this ends up being is some sysadmin installing something that shouldn’t have been installed, then we won’t ever hear about this again, because that is not news.
